Post on 08-Jul-2020
Consuming the Multicloud
Helps you deploy, monitor, and optimize applications in multicloud and container environments
KwaiSeng Lai
DC Technical Solution Architect, Cisco Systems, APJ
Accelerating Innovation
“56% of cloud adopters use cloud services to enable innovation,
50% to improve business agility”
“Microservices Momentum Accelerates”
“Digital disruption drives CIOs to double down on innovation”
“The more programmers on a company’s platform, the more
software applications are created, attracting customers and still
more developers — a flywheel of growth and profit.”
“Large enterprises increasingly embrace open-source software to attract developers and keep
up with digital-native competitors.”
The reality is anything but simple
Multiple public cloud services
New data protection regulations
Private data centers still crucial
SaaS adoption rising
IoT exploding
Google Trends (5 years): Docker, OpenStack (LTRACI-2967)
Google Trends (5 years): Kubernetes, OpenStack
Google Trends (5 years): Kubernetes, vSphere
2013
Dev, Test, Prod
Dev / Ops
“I need resources for a new project”
“Please submit a help desk ticket”
“Never mind…”
2019
Dev, Test, Prod
Dev / Ops
“I need resources for a new project”
“Please submit a help desk ticket”
“Never mind…”
Kubernetes Anywhere
• Focused on Developer
• Creates a mechanism for developers to operationalize what they work on (DevOps)
On Premises
Blood and Sweat
Cloud
Cisco IT: A Spectrum of Workloads
Virtual VM
2500 Business apps & 500 SaaS In Use
90 SaaS assets (revenue gathering)
50 engineering apps (for 40k developers)
Multi Cloud Operating Model
On Prem Public
Baremetal UCS x86
Private Cloud, Public Clouds
BRKCLD-1823
Growth Enablement
Cisco IT Cloud Evolution
GLOBAL DATA CENTER STRATEGY
Capacity (Optimize & Extend)
Software-Defined Intelligence
Speed
App/Data Transformation
MULTICLOUD STRATEGY
2007-2015 Today & Future
TRANSFORMATION
Capacity (Build)
Resiliency
Service Transformation
UI/Manual API Driven
Attribute: Past / Future
Operating Model: Traditional / Cloud
Provisioning: UI / API
Architecture: Integrated / Cloud Native
Driven by: Limited Automation / Software Defined Everything
Resiliency: App Level / Cloud Native
Security: Enforced / Pervasive
Customer Base: Mostly IT / All
VISION
Cisco Connect 2019 Malaysia, Kuala Lumpur . 18 April 2019
How did we get there?
Web Frontend
App
Backend
DB
Traffic patterns to monitor
Web Server
Auth
Cart Payment
Search Recommendations
Other Service
Traffic patterns to monitor
Server1
Server2
Server3
Server5
Server4
Data Center 1 Data Center 2 Public Cloud
Operating the Death Star
BRKCLD-1003
Microservices: what do I need?
Security
Automation
Visibility
Problems to solve
• Diverse traffic patterns with no context
• Network and Security teams have limited to no visibility into container workloads
• Segmentation and security internal to the cluster can only be done by cluster administrators.
• Missing tools to troubleshoot network issues
Segmentation
• Secure K8s infrastructure:
• Network isolation for infrastructure-related objects
• Network isolation between namespaces
• Controlling access between Kubernetes services and external services
Diagram: pods grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy applied between the EPGs
Communications outside of the Cluster
• Non-Cluster endpoints communicating with Cluster:
• Exposing external services, how? NodePort? LoadBalancer?
• Scaling-out ingress controllers, how can you scale?
• Cluster endpoints communicating with non-cluster endpoints:
• POD access to external services and endpoints
Diagram: pods grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy applied between the EPGs
Storage Access from Nodes
• Applications running in Kubernetes Pods that need high-bandwidth, low-latency access to data external to the cluster are bottlenecked by the egress router implementation, i.e. centralized storage accessed from nodes or Pods:
• iSCSI, NFS, GlusterFS, Ceph, etc.
• HyperFlex
Operations
• Skills gap between network and Kubernetes admins
• Visibility and governance of network policies
• Simplified Network Operations
Developer, Network Administrator, Infosec
Demo: Container Visibility with ACI
In this live demo:
• Control Plane view
➢ K8S node mapping
➢ K8S objects mapping
• Data Plane view
➢ EPG mapping
➢ Namespace annotation
Visibility
ACI makes containers visible and manageable!
• Seamless experience to Kubernetes users
• Network admins have visibility at control plane and data plane level
• Network admin can create consistent policies encompassing baremetal, virtual machine and container domains
• Flexible EPG mapping model, can enable enforcement by annotating deployments
Everybody is happy, everything is green! ☺
Problems to solve
• Resources used are out of control
• Misuse of public cloud resources
• Where are my corporate policies?
Demo: CCP Tenant Cluster Creation
Automation, Visibility
Tarantula Architecture
• Silence (API Server): K8S Deployment, Silence LB SVC
• Jungle (Web Frontend): K8S Deployment, Jungle LB SVC
• Stairway (Traffic/Incidents): K8S Deployment, Stairway Cluster-IP SVC
• Rainbow (Music Events): K8S Deployment, Rainbow Cluster-IP SVC
• Fool (Weather Service): K8S Deployment, Fool Cluster-IP SVC
Cisco CI/CD for Containers
Tenant Alpha, L4/L7 SG
1. User commit
2. Jenkins detects it and downloads code
3. Jenkins builds container images and uploads to registry
4. Jenkins requests CCC to deploy the App
5. CCC gets the images and deploys to K8S
6. Services are created in K8S and ACI
7. That’s it
Demo: CI/CD
• CI/CD workflow demo
• Container services in CloudCenter
• CloudCenter Application Profile
Automation
Wait! Why CloudCenter when I can use K8S directly?
• Governance!
• Mixed apps (VM/Containers)
• Multi/hybrid cloud with single profile modeling (Model once, deploy everywhere)
• This includes multiple k8s clusters (technically different Clouds/Regions)
Multiple Clouds – Multiple Interfaces
DEVNET-1139
Multiple Clouds – With CloudCenter
Problem solved!
• Easy way to create managed, monitored and scalable Kubernetes clusters with CCP
• Support CI/CD chain with:
• Governance
• Multi-tenancy
• Cost control
• Agnostic application modeling
Back in control ☺
The Multicloud Consume so far…
Reliable and flexible infrastructures
Analytics and Monitoring
Uptime
Scale
Prevent
React
CI/CD Infrastructure and tools
Agility
Governance
Security problems to solve
• Core business apps run in vulnerable infrastructures
• Lack of granular, intent-based security policies
Address the security issues with Tetration
• Assess VM/Kubernetes node vulnerability
• Create and monitor flexible policies based on Kubernetes annotations
Visibility, Security
Address the performance issue with AppD
• AppD machine agent
• Server monitor
• App Helicopter view
• App Drill down and waterfall
Visibility
App security and performance monitor
• Assessed infrastructure vulnerability
• Implemented filters to create flexible, extremely granular policies based on arbitrary tags
• Assess performance from an application and infrastructure point of view
• Drilled down and analyzed each single step of the application e2e experience
Continue in Monitoring & Protecting the Workload Session!
Let’s sum it up
Tetration
AppDynamics
CloudCenter
The integrated story
K8S Master
K8S Workers
Tenant Cluster Alpha, CCP Control Plane
Tenant Alpha
Microservices: what we offer
Security
Automation
We cover the full stack!
Visibility
CCP CloudCenter
Tetration, AppD
Tetration
ACI CCP